Disclaimer: This tool is for educational and research purposes only. It is designed to demonstrate how client-side JavaScript can access and transmit web storage and browser data. Do not deploy or use this tool without full knowledge and consent of all affected users.
This project demonstrates how a web client (via a Tampermonkey userscript) can collect a variety of browser and device information, and send it to a backend server for logging and analysis.
The backend is built using Node.js and Express, and supports logging to the file system as well as forwarding data to a Discord webhook.
-
Extracts data from:
localStorage,sessionStorage,cookiesindexedDBnamescacheStoragekeysperformance&navigationtimingclipboardcontents (if permitted)geolocation(if user consents)- Media device metadata
- Discord token (only on
discord.com)
-
Sends data to a local backend via HTTP requests
-
Listens on port
443(changeable) -
Routes:
GET /api/validation: Simple handshakePOST /api/handler: Receives, logs, and forwards data
-
Logs:
- Saves requests to
logs/as.json - Sends a summary + file to a Discord webhook
- Saves requests to
-
Clone the repo and install dependencies:
npm install
-
Create a
logsdirectory if it doesn't exist (handled automatically). -
Add your Discord webhook to the
discordWebhookURLvariable. -
Run the server:
node app.js
Note: The server listens on port
443, which typically requires root/admin permissions. Consider changing to port3000for local development.
-
Install Tampermonkey in your browser.
-
Create a new script and paste the
// ==UserScript== ...code. -
Make sure your backend is accessible at
http://localhost:443or update the script to match the correct server URL.
This code is distributed for educational purposes under the MIT License.
